Advanced Security Access Mode

The Marketo SDK exposes methods to set and remove the security signature. There is also a utility method to retrieve the device ID. The device ID should be passed along with the email, upon login, to the customer server for use in calculating the security signature. The SDK should the hit new endpoint, pointing to algorithm listed above, to retrieve the necessary fields to instantiate the signature object. Setting this signature in the SDK is a necessary step if the Security Access Mode has been enabled in Marketo Mobile Admin.

Secure Access Mode Setup

This setup must be implemented before the Secure Access mode has been enable via the Marketo Admin > Mobile Apps & Devices page. The following further steps describe the process required to complete the security validation process:

1. Secure Access mode requires implementing the signature algorithm on the customer server-side that will provide an endpoint to retrieve the access key, calculated signature, expiry timestamp, and email. This algorithm requires the user access key, access secret, email, timestamp, and device id to preform the calculation. The customer is responsible for setting up endpoint, implementing the algorithm to preform signature calculations, and also keep expiration timestamp fresh.

parser.add_argument("-t","--timestamp",type=int,help="Valid until timestamp")

args=parser.parse_args()

string_to_sign=get_string_to_sign(args.email,args.uuid)

ifnotargs.timestamp:

valid_until=get_epoch_plus_day()

else:

valid_until=args.timestamp

signing_key=get_signing_key(valid_until)

hmac_string=get_hmac(signing_key,string_to_sign)

print'HMAC is ',hmac_string

2. The Marketo SDK exposes new methods to set and remove the security signature. There is also a utility method to retrieve the device ID. The device ID should be passed along with the email, upon login, to the customer server for use in calculating the security signature. The SDK should the hit new endpoint, pointing to algorithm listed above, to retrieve the necessary fields to instantiate the signature object. Setting this signature in the SDK is a necessary step if the Security Access Mode has been enabled in Marketo Mobile Admin.

Latest Blog Posts

Keep up with what's new in the developer world

Important Change to Activity Records in Marketo APIs March 1, 2017 Note: This post will be updated to reflect changes made to activity records returned by the API due to migration to new infrastructure.
With the rollout of Marketo’s next-generation Activity Service beginning in Septmeber, we will be unable to enforce the uniqueness or presence of the integer “id” field in activities, data value changes, or lead deletion ... Read More >

Internet of Things for Marketers with IFTTT and Zapier June 20, 2017 The Internet of Things (IoT) is the inter-networking of connected devices, appliances, wearables, vehicles, etc. with embedded electronics, software, sensors, and network connectivity that enable these objects to collect and exchange data with cloud information systems. These technologies are growing and trending so fast that they will impact how we live, how we work and ... Read More >

Spring 2017 Updates June 16, 2017 In the Spring 2017 release, we are adding the ability to bulk extract lead and activity object data asynchronously, and to manipulate named account lists. See the full list of updates below.
Lead Database APIs
Bulk Extract of Leads
New endpoints to support extraction of leads in bulk. Specify record selection criteria using a variety of options. Details can ... Read More >